Deprecated: Function create_function() is deprecated in /nas/content/live/evolveconsult/wp-content/themes/salient/functions.php on line 5598

Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /nas/content/live/evolveconsult/wp-content/plugins/js_composer_salient/include/classes/core/class-vc-mapper.php on line 111
CQC Guidance – Evolve Consulting Group

CQC Guidance


CPD Changes from GDC

The enhanced CPD scheme is starting on 1 January 2018 for dentists and 1 August 2018 for dental care professionals. Registrants risk removal from the register if they do not comply.

Enhanced continued professional development (ECPD)

The GDC has now published the enhanced CPD guidance document which is available on their website

Depending on your professional status, a minimum number of hours of verifiable CPD for each five-year cycle needs to be completed, as set out below.

Professional title Minimum hours of CPD per cycle
Dentists 100
Dental therapists 75
Dental hygienists 75
Orthodontic therapists 75
Clinical dental technicians 75
Dental nurses 50
Dental technicians 50

All registrants must also ensure that they declare at least 10 hours during any 2-year period, regardless of how many hours they have done during their cycle.​​

  • A Personal Development Plan (PDP) must be completed by 31 December 2017, available for future inspection by the GDC
  • All CPD must be linked to one of four ‘development outcomes’, a new GDC metric
  • You must submit a CPD statement every year as part of your annual renewal
  • There is no more need to record non-verifiable CPD from 1 January 2018
  • You must keep a log of CPD undertaken throughout the year.

For those in mid-cycle, the GDC have produced an online tool to help manage your CPD.

Frequently Asked Questions

Do I need to submit a CPD statement every year?

​Yes, it is a mandatory requirement to submit a CPD statement every year as part of your annual renewal. A statement must be made even if you have not undertaken any CPD hours. Failure to do so may put your registration at risk.

What is a Personal Development Plan?

​ A personal development plan must be created for each CPD cycle. A personal development plan specifies the areas of CPD you propose to undertake over the course of your cycle. It should be created at the start of your cycle but can be adapted throughout your cycle as your needs change.

Do I need to do any non-verifiable CPD?

​There is no mandatory requirement to inform the GDC of any non-verifiable CPD completed under the enhanced CPD scheme. However, if you are part way through your CPD cycle and transitioning to the enhanced CPD scheme, you will still be required to declare a pro-rata amount of non-verifiable CPD for those years that fell under the old CPD rules.

Will the GDC be quality assuring CPD?

​No. The GDC does not have the power to quality assure CPD.

I haven’t completed enough hours over my 5 year CPD cycle, can I have an extension?

If the minimum CPD requirement have not been completed. A request for a cycle extension can be submitted in writing 6 months before the end of the cycle.

For any further queries regarding a extension possibilities, please contact the CPD team at the GDC on +44 (0)20 7167 6000 or via email at

What do I need to keep for my written record?

​You need to keep a written record of:

  • a personal development plan which details all the CPD you plan to undertake, which is created from the beginning of your cycle but which can be adapted throughout your cycle as your needs change;
  • a log of the CPD you actually undertook- including the date it was undertaken and number of hours gained from each CPD activity;
  • the evidence (e.g. certificate) you gained from the providers for each CPD activity;
  • the development outcomes mapped against all planned and completed CPD activities

 What is the difference between a CPD statement and a CPD record?

A CPD statement is a declaration that you are required to submit each year to confirm that you have met the requirements set out in the CPD rules.

To ensure compliance your statement should confirm:

  • The number of verifiable CPD hours undertaken in that year, or if you have done no hours in that year, then confirm you have done zero hours;
  • A CPD record;
  • The CPD undertaken is relevant to your field of practice;
  • That the information you have provided is full and accurate.

A CPD record is the documentary evidence demonstrating each item of CPD you have undertaken. This comprises a personal development plan and log of all CPD activity you complete. You only need to show us your CPD record if we specifically ask you for it.

Your CPD record should contain:

  • a personal development plan which details all the CPD you plan to undertake, the development outcomes that you aim to meet and timeframe for completing the CPD. This should be created at the start of your cycle and adapted throughout your cycle as your needs change,
  • a log of the CPD you undertook- including the date it was undertaken, number of hours gained from each CPD activity
  • the evidence (e.g. certificate) you gained from the providers for each CPD activity
  • the development outcomes mapped against all planned and completed CPD activity.

 What do I need to give to the GDC and when?

For each year of your cycle, you must declare to the GDC that you have completed your CPD requirements for that year. You can do this by logging on to eGDC at any time of the year and making your annual CPD statement.

When your registration year has ended and the declaration period is closed for that year, you will not be able to amend your CPD statement for that year.

In the final year of your cycle, your annual statement must include:

  • The total number of hours of CPD you have undertaken in your five year cycle;
  • Confirmation that the CPD you completed was relevant to each field of practice you worked in for the five year period.
  • What if I am on maternity leave? Will this change my CPD requirement?
  • ​If you are on maternity leave and wish to remain registered, you will still need to meet your CPD requirements. This means you must fulfil all the requirements under the enhanced CPD scheme.

You do not need to physically submit your CPD record unless you are asked to. You may be asked to submit if you are non-compliant or for an audit.

For specific queries, or to book CPD courses for yourself or your practice, contact us. 

[gravityform id=”4″ title=”true” description=”true”]




Data Protection GDPR

What is the EU GDPR?

The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018 and all organisations are required to be compliant with GDPR by this date. The new regulation supersedes the implementations of the EU Data Protection Directive of 1995, which is the basis for the UK Data Protection Act 1998. The UK government’s new data protection legislation is expected to implement a large proportion of the GDPR and was published yesterday September 14 2017.

Why did the EU change its data protection regulations?

The previous data protection regulations were considered outdated for today’s increasingly digital society. The new legislation champions greater rights to data subjects, while streamlining data protection laws across the EU.

What about Brexit?

The new Data Protection Bill is based on the GDPR thus the majority of the legislation will remain the same. The Information Commissioner will continue to enforce Data Protection in the UK, and has confirmed that the GDPR will apply.

What is different about the GDPR?

  • Individuals and organisations who are either ‘controllers’ or ‘processors’ of personal data are covered by the GDPR. A ‘controller’ is in individual or entity that determines the purpose and manner of personal data use. A ‘processor’ is an individual or group that ‘processes’ the data on the controller’s behalf (obtaining, recording, altering or storing personal data)
  • Companies governed by GDPR will be more accountable for handling data
  • ‘Personal data’ will have a more broad definition, therefore more data will be regulated than previously, including an individual’s genetic, mental, economic, social, cultural identity.
  • Certain companies that process large scale or special personal data will have to employ a data protection officer (DPO)
  • The DPO must have sufficient knowledge in order to understand and meet the standards set by the bill
  • Mandatory Data Protection Impact Assessments (DPIA) have been introduced for high-risk data processing, which build on existing good practice Privacy Impact Assessments (PIA) as previously set out by the ICO as part of the Data Protection Act 1998
  • Data breach notifications will need to be made within 72 hours to the ICO including financial loss, confidentiality breaches and reputation damage
  • Data processors will also have legal responsibility and therefore may be held accountable for data breaches
  • The rules for obtaining consent have changed. A ‘positive opt in’ policy will be employed; explicit consent must be obtained to process data, by explaining in a clear manner that consent is being given for data to be used
  • Consent will be required for processing children’s data (under the age of 16)
  • There are restrictions on international data transfers
  • Hefty penalties have been introduced; organisations found in breach of the Regulation may be fined up to 4% of annual turnover or a maximum of €20 million – whichever is greater
  • There are processes in place for deletion of data; data subjects have a ‘right to be forgotten’
  • Individuals can now request information free of charge, whereas previously a Subject Access Requests would permit companies to charge £10 for data to be provided.
  • Time restrictions are in place for providing individuals with personal data- one month from the date of request

Things to consider in your practice- GDPR FAQs

Dental practices will hold personal data and ‘special’ – health – data

Who registers?

Employers and practice owners should register as controllers. Self employed associates should also register individually as controllers. Staff members who are employed or DFTs may be covered by their employer’s registration

Appointing a data protection officer

As dental practices process health data, this is considered ‘special’ data according to GDPR, therefore you will be required to appoint a DPO. Consider who you would appoint within your practice to lead data protection compliance. The DPO has a series of responsibilities which are directly set by the ICO, therefore this role will require some time from your staff members. The individual you choose is likely to require additional training to familiarise themselves with the legislation in order to facilitate GDPR changes by 25 May 2018. Some organisations consider outsourcing the role to an external consultancy to ensure compliance is met and standards are trained.

Determine what sort of data you hold and how it is stored

If you use online backups for your data, such as a Cloud server- check its location. Data should be held within the EU in accordance with the legislation. You may need to organise an information audit to determine the type of data you process.

What about Invisalign cases? This requires transfer of sensitive data to a non EU country. 

A risk assessment must be carried out for all international data transfers. Although the US has HIPAA (data protection for healthcare organisations), this is not as stringent as the GDPR. However, there is discussion of a US/EU safe-harbour.

Interestingly, Align Techonology Inc (Invisalign) was the first company to successfully close a dual application for BCR (binding corporate rules) for both processors and controllers, which ensured data protection compliance in global information transfer under previous data protection directives. It is likely that Align will continue to uphold its commitment to data protection compliance as the GDPR unfolds.

Deletion of data- will we be required to delete dental records if a patient requests?

As dental records fall under ‘special’ data, these would not undergo deletion

How does ‘positive opt-in’ affect us?

This determines how a patient wishes to be contacted by the practice. While previously an individual may be contacted via any means and would have to notify the organisation if they preferred to opt out of communication, they would now have to opt in. This can be relevant with your practice marketing; you will now need to gain consent for marketing emails, text messages and post. We suggest having a tick box on the medical history form confirming how patients would prefer to be contacted, and explicitly requesting their consent to do so.

The Information Commissioner’s Office (ICO) recommends that businesses commence their preparation. More changes and guidance will be released by the ICO over the coming months.


As further developments in GDPR legislation and how it will be implemented in health-care unfold, we can continue to keep you informed.


We have formulated an action plan which allows you to determine steps you must take for your practice to meet the standards. This will incorporate the required PIA, so that your assessment is in line with the Regulation.


We will train your chosen DPO to ensure that they meet the required standards, understand the GDPR and how to begin implementing it into your practice.

Data Protection Assessments 

Our Risk Assessment services are all in-House. We visit your practice and conduct a thorough Data Protection Risk Assessment. A report is generated with an action plan for you to follow and implement, that is specific to your practice.


Our consulting services are always bespoke, and data protection is no exception. We can formulate a tailor-made package for you in which we determine via Risk Assessment what steps are required for your practice to meet the Regulation, provide training for your DPO, and manage the required action plan. GDPR is taken care of by us.

[gravityform id=”4″ title=”true” description=”true”]


Hep B Vaccine Shortages

Following complications with the manufacturing process, there is a global shortage of hepatitis B vaccine until early 2018.

Team members should ideally be vaccinated and have proof of immunity. However, where this is not possible due to shortages in vaccine availability, Public Health England (PHE), have recommended a risk assessment and risk management approach.

  1.  Follow safe injecting, sharps disposal and universal precautions in healthcare settings
  2. Use appropriate protective precautions where contact is unavoidable

A recent statement from the General Dental Council advises:

“You may have heard that there is a global shortage of hepatitis B vaccine. Public Health England have issued this advice which suggests some dental professionals should restrict certain activities until vaccinated.”

Public Health England (PHE) has issued the following statement:

“Dentists coming from non-UK universities, if not already vaccinated, who are trying to get onto the Performers List, and other members of the wider dental team e.g. dental nurses hygienists may need to restrict certain activities until vaccine becomes available”


“Undergraduate courses who are due to start work as VTs in September may be due a routine booster (normally given around five years after the primary course). The benefit of this booster in known responders to vaccination is small, and therefore it can be safely deferred until early 2018. Not having received the booster should not be a barrier to ongoing work.’

PHE have developed the following temporary recommendations based on the table below:

A risk assessment should be made for each individual employee and categorised using the table of priorities ranging from 1- highest risk to 5- lowest risk.


Prioritisation Exposure type Examples of individuals in this category (note this is not exhaustive but for illustration only)
1 Highest risk and urgency Post exposure Substantial exposure to infected blood from a known hepatitis B infected source Infants born to hepatitis B infected mothers
2 Post exposure Other exposure to a known hepatitis B infected source Needlestick or other sharps injury from known positive person, sexual exposure to an acute case of hepatitis B
3 Post exposure Exposure to an unknown source Needlestick injury from discarded needle in community, sexual assault, mass casualties from a major incident
Pre-exposure Priming for unavoidable, high and imminent risk Clinical health care workers with regular blood exposure, particularly those performing exposure prone procedures (e.g. surgeons, dentists), and those working in certain settings (e.g. renal units, hospital laboratory workers). Other first responders required to attend major trauma with likely blood contamination.
Pre-exposure Priming for unavoidable, high and imminent risk, with high risk of onward transmission and co- circulating viruses e.g. HIV, HDV Sex workers, MSM with multiple partners, PWID, prisoners, people travelling to endemic countries for medical treatment, patients on renal dialysis units.
4 Pre-exposure Priming for those at lower risk and those that can access advice in the event of a recognised exposure Household contacts of people with hepatitis B, most other health care workers and ancillary staff in UK healthcare settings, other occupations at risk of percutaneous exposures.
Pre-exposure Priming for those at lower risk or where risk may be avoided or delayed Other travel to medium and high endemicity countries. Individuals with cirrhotic liver disease.
5 Lowest risk and urgency Pre-exposure Boosting and reinforcing doses For healthy individuals who have completed a primary course of immunisation (three doses).

PHE described “Clinical health care workers with regular blood exposure, particularly those performing exposure prone procedures (e.g. surgeons, dentists)” as priority 3. A risk assessment needs to be undertake, as not all staff will carry out exposure prone procedures and would not fall into category three.

What are Exposure prone procedures (EPPs)?

Exposure prone procedures refer to invasive procedures where injury to the worker can result in exposure of the patient’s open tissues to the blood of the worker. In particular procedures involving contact with sharp instruments, needle tips and sharp tissues (spicules of bone or teeth) inside a patient’s open body cavity, wound or confined anatomical space where the hands or fingertips may not be completely visible at all times.

How to manage a needle stick injury?

If an injury from a known hepatitis B positive person has occurred, this is categorised as high Priority 2, and the possibility of receiving the vaccine from occupational health, A&E or GP is more likely.

What to do with the Hep B shortage?

You must understand and follow the guidelines during the shortage to ensure the safety of you team members. Decisions must be made on each individual worker and should be based on the advise from PHE, GDC and an individual risk assessment.

  • Review and adopt our guidance on immmunisations
  • Request that team members are vaccinated by the GP or occupational health based on the PHE category 3: ‘Hepatitis B vaccination in adults and children: temporary recommendations from 21 August 2017’
  • Perform a risk assessment and adapt or restrict activities accordingly.

Useful links:

Hepatitis B: vaccine recommendations during supply constraints

CAS alert – should be filed in your safety alert folder:

If you require specific guidance for your practice, use our contact form to get in touch.

[gravityform id=”4″ title=”true” description=”true”]